package io.airlift.http.server;

import com.google.common.annotations.VisibleForTesting;
import com.google.common.base.MoreObjects;
import com.google.common.base.Preconditions;
import com.google.common.collect.ImmutableList;
import com.google.common.collect.ImmutableSet;
import io.airlift.concurrent.Threads;
import io.airlift.http.server.HttpServerBinder;
import io.airlift.http.server.HttpServerConfig;
import io.airlift.http.server.jetty.MonitoredQueuedThreadPoolMBean;
import io.airlift.log.Logger;
import io.airlift.memory.jetty.ConcurrentRetainableBufferPool;
import io.airlift.node.NodeInfo;
import io.airlift.units.DataSize;
import jakarta.annotation.PostConstruct;
import jakarta.annotation.PreDestroy;
import jakarta.servlet.Filter;
import jakarta.servlet.Servlet;
import java.io.IOException;
import java.nio.channels.ServerSocketChannel;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.time.ZoneId;
import java.time.ZonedDateTime;
import java.time.temporal.ChronoUnit;
import java.util.Collections;
import java.util.Comparator;
import java.util.EnumSet;
import java.util.Iterator;
import java.util.List;
import java.util.Objects;
import java.util.Optional;
import java.util.OptionalLong;
import java.util.Set;
import java.util.concurrent.Executor;
import java.util.concurrent.Executors;
import java.util.concurrent.ScheduledExecutorService;
import javax.management.MBeanServer;
import org.eclipse.jetty.alpn.server.ALPNServerConnectionFactory;
import org.eclipse.jetty.ee10.servlet.FilterHolder;
import org.eclipse.jetty.ee10.servlet.ServletContextHandler;
import org.eclipse.jetty.ee10.servlet.ServletHolder;
import org.eclipse.jetty.http.MimeTypes;
import org.eclipse.jetty.http.UriCompliance;
import org.eclipse.jetty.http2.server.AuthorityCustomizer;
import org.eclipse.jetty.http2.server.HTTP2CServerConnectionFactory;
import org.eclipse.jetty.http2.server.HTTP2ServerConnectionFactory;
import org.eclipse.jetty.io.ArrayByteBufferPool;
import org.eclipse.jetty.io.ByteBufferPool;
import org.eclipse.jetty.io.ConnectionStatistics;
import org.eclipse.jetty.jmx.MBeanContainer;
import org.eclipse.jetty.server.ConnectionFactory;
import org.eclipse.jetty.server.ForwardedRequestCustomizer;
import org.eclipse.jetty.server.HostHeaderCustomizer;
import org.eclipse.jetty.server.HttpConfiguration;
import org.eclipse.jetty.server.HttpConnectionFactory;
import org.eclipse.jetty.server.SecureRequestCustomizer;
import org.eclipse.jetty.server.Server;
import org.eclipse.jetty.server.ServerConnector;
import org.eclipse.jetty.server.SslConnectionFactory;
import org.eclipse.jetty.server.handler.ErrorHandler;
import org.eclipse.jetty.server.handler.StatisticsHandler;
import org.eclipse.jetty.server.handler.gzip.GzipHandler;
import org.eclipse.jetty.util.ssl.SslContextFactory;
import org.eclipse.jetty.util.thread.MonitoredQueuedThreadPool;
import org.eclipse.jetty.util.thread.Scheduler;
import org.eclipse.jetty.util.thread.VirtualThreadPool;
import org.weakref.jmx.Managed;
import org.weakref.jmx.Nested;

/* loaded from: input_file:io/airlift/http/server/HttpServer.class */
public class HttpServer {
    private static final Logger log = Logger.get(HttpServer.class);
    private final Server server;
    private final MonitoredQueuedThreadPoolMBean monitoredQueuedThreadPoolMBean;
    private ConnectionStats httpConnectionStats;
    private ConnectionStats httpsConnectionStats;
    private ScheduledExecutorService scheduledExecutorService;
    private Optional<SslContextFactory.Server> sslContextFactory;

    /* loaded from: input_file:io/airlift/http/server/HttpServer$ClientCertificate.class */
    public enum ClientCertificate {
        NONE,
        REQUESTED,
        REQUIRED
    }

    public HttpServer(HttpServerInfo httpServerInfo, NodeInfo nodeInfo, HttpServerConfig httpServerConfig, Optional<HttpsConfig> optional, Servlet servlet, Set<Filter> set, Set<HttpServerBinder.HttpResourceBinding> set2, boolean z, boolean z2, boolean z3, ClientCertificate clientCertificate, MBeanServer mBeanServer, Optional<SslContextFactory.Server> optional2, Optional<ByteBufferPool> optional3) throws IOException {
        HttpConfiguration.Customizer ignoreForwardedRequestCustomizer;
        Objects.requireNonNull(httpServerInfo, "httpServerInfo is null");
        Objects.requireNonNull(nodeInfo, "nodeInfo is null");
        Objects.requireNonNull(httpServerConfig, "config is null");
        Objects.requireNonNull(optional, "httpsConfig is null");
        Objects.requireNonNull(servlet, "servlet is null");
        Objects.requireNonNull(optional2, "maybeSslContextFactory is null");
        Objects.requireNonNull(clientCertificate, "clientCertificate is null");
        Preconditions.checkArgument(!httpServerConfig.isHttpsEnabled() || optional.isPresent(), "httpsConfig must be present when HTTPS is enabled");
        MonitoredQueuedThreadPool monitoredQueuedThreadPool = new MonitoredQueuedThreadPool(httpServerConfig.getMaxThreads());
        monitoredQueuedThreadPool.setMinThreads(httpServerConfig.getMinThreads());
        monitoredQueuedThreadPool.setIdleTimeout(Math.toIntExact(httpServerConfig.getThreadMaxIdleTime().toMillis()));
        monitoredQueuedThreadPool.setName("http-worker");
        monitoredQueuedThreadPool.setDetailedDump(true);
        if (z) {
            VirtualThreadPool virtualThreadPool = new VirtualThreadPool();
            virtualThreadPool.setMaxThreads(httpServerConfig.getMaxThreads());
            virtualThreadPool.setName("http-worker#v");
            virtualThreadPool.setDetailedDump(true);
            log.info("Virtual threads support is enabled");
            monitoredQueuedThreadPool.setVirtualThreadsExecutor(virtualThreadPool);
        }
        int intExact = Math.toIntExact(Math.max(Math.max(toSafeBytes(httpServerConfig.getMaxRequestHeaderSize()).orElse(8192L), toSafeBytes(httpServerConfig.getMaxResponseHeaderSize()).orElse(8192L)), toSafeBytes(httpServerConfig.getOutputBufferSize()).orElse(32768L)));
        this.server = new Server(monitoredQueuedThreadPool, (Scheduler) null, optional3.orElseGet(() -> {
            return createByteBufferPool(intExact, httpServerConfig);
        }));
        this.monitoredQueuedThreadPoolMBean = new MonitoredQueuedThreadPoolMBean(monitoredQueuedThreadPool);
        boolean isShowStackTrace = httpServerConfig.isShowStackTrace();
        boolean isCompressionEnabled = httpServerConfig.isCompressionEnabled();
        this.sslContextFactory = optional2;
        if (mBeanServer != null) {
            this.server.addBean(new MBeanContainer(mBeanServer));
        }
        HttpConfiguration httpConfiguration = new HttpConfiguration();
        httpConfiguration.setSendServerVersion(false);
        httpConfiguration.setSendXPoweredBy(false);
        httpConfiguration.setNotifyRemoteAsyncErrors(true);
        switch (httpServerConfig.getProcessForwarded()) {
            case REJECT:
                ignoreForwardedRequestCustomizer = new RejectForwardedRequestCustomizer();
                break;
            case ACCEPT:
                ignoreForwardedRequestCustomizer = new ForwardedRequestCustomizer();
                break;
            case IGNORE:
                ignoreForwardedRequestCustomizer = new IgnoreForwardedRequestCustomizer();
                break;
            default:
                throw new MatchException((String) null, (Throwable) null);
        }
        httpConfiguration.addCustomizer(ignoreForwardedRequestCustomizer);
        httpConfiguration.addCustomizer(new AuthorityCustomizer());
        httpConfiguration.addCustomizer(new HostHeaderCustomizer());
        if (httpServerConfig.getMaxRequestHeaderSize() != null) {
            httpConfiguration.setRequestHeaderSize(Math.toIntExact(httpServerConfig.getMaxRequestHeaderSize().toBytes()));
        }
        if (httpServerConfig.getMaxResponseHeaderSize() != null) {
            httpConfiguration.setResponseHeaderSize(Math.toIntExact(httpServerConfig.getMaxResponseHeaderSize().toBytes()));
        }
        if (httpServerConfig.getOutputBufferSize() != null) {
            httpConfiguration.setOutputBufferSize(Math.toIntExact(httpServerConfig.getOutputBufferSize().toBytes()));
        }
        httpConfiguration.setHeaderCacheCaseSensitive(z3);
        if (z2) {
            httpConfiguration.setUriCompliance(UriCompliance.from(EnumSet.of(UriCompliance.Violation.AMBIGUOUS_PATH_SEPARATOR, UriCompliance.Violation.AMBIGUOUS_PATH_ENCODING, UriCompliance.Violation.SUSPICIOUS_PATH_CHARACTERS)));
        }
        if (httpServerConfig.isHttpEnabled()) {
            HttpConfiguration httpConfiguration2 = new HttpConfiguration(httpConfiguration);
            if (httpServerConfig.isHttpsEnabled()) {
                httpConfiguration2.setSecureScheme("https");
                httpConfiguration2.setSecurePort(httpServerInfo.getHttpsUri().getPort());
            }
            ServerConnector createServerConnector = createServerConnector(httpServerInfo.getHttpChannel(), this.server, null, ((Integer) MoreObjects.firstNonNull(httpServerConfig.getHttpAcceptorThreads(), -1)).intValue(), ((Integer) MoreObjects.firstNonNull(httpServerConfig.getHttpSelectorThreads(), -1)).intValue(), insecureFactories(httpServerConfig, httpConfiguration2));
            createServerConnector.setName("http");
            createServerConnector.setPort(httpServerInfo.getHttpUri().getPort());
            createServerConnector.setIdleTimeout(httpServerConfig.getNetworkMaxIdleTime().toMillis());
            createServerConnector.setHost(nodeInfo.getBindIp().getHostAddress());
            createServerConnector.setAcceptQueueSize(httpServerConfig.getHttpAcceptQueueSize());
            ConnectionStatistics connectionStatistics = new ConnectionStatistics();
            createServerConnector.addBean(connectionStatistics);
            this.httpConnectionStats = new ConnectionStats(connectionStatistics);
            this.server.addConnector(createServerConnector);
        }
        if (httpServerConfig.isHttpsEnabled()) {
            HttpConfiguration httpConfiguration3 = new HttpConfiguration(httpConfiguration);
            setSecureRequestCustomizer(httpConfiguration3);
            HttpsConfig orElseThrow = optional.orElseThrow();
            this.sslContextFactory = Optional.of(this.sslContextFactory.orElseGet(() -> {
                return createReloadingSslContextFactory(orElseThrow, clientCertificate, nodeInfo.getEnvironment());
            }));
            ServerConnector createServerConnector2 = createServerConnector(httpServerInfo.getHttpsChannel(), this.server, null, ((Integer) MoreObjects.firstNonNull(httpServerConfig.getHttpsAcceptorThreads(), -1)).intValue(), ((Integer) MoreObjects.firstNonNull(httpServerConfig.getHttpsSelectorThreads(), -1)).intValue(), secureFactories(httpServerConfig, httpConfiguration3, this.sslContextFactory.get()));
            createServerConnector2.setName("https");
            createServerConnector2.setPort(httpServerInfo.getHttpsUri().getPort());
            createServerConnector2.setIdleTimeout(httpServerConfig.getNetworkMaxIdleTime().toMillis());
            createServerConnector2.setHost(nodeInfo.getBindIp().getHostAddress());
            createServerConnector2.setAcceptQueueSize(httpServerConfig.getHttpAcceptQueueSize());
            ConnectionStatistics connectionStatistics2 = new ConnectionStatistics();
            createServerConnector2.addBean(connectionStatistics2);
            this.httpsConnectionStats = new ConnectionStats(connectionStatistics2);
            this.server.addConnector(createServerConnector2);
        }
        StatisticsHandler statisticsHandler = new StatisticsHandler();
        statisticsHandler.setHandler(createServletContext(servlet, set2, set, Set.of("http", "https"), isShowStackTrace, z2, isCompressionEnabled));
        if (httpServerConfig.isLogEnabled()) {
            this.server.setRequestLog(new JettyRequestLog(httpServerConfig.getLogPath(), httpServerConfig.getLogHistory(), httpServerConfig.getLogQueueSize(), httpServerConfig.getLogMaxFileSize().toBytes(), httpServerConfig.isCompressionEnabled(), httpServerConfig.isLogImmediateFlush()));
        }
        this.server.setHandler(statisticsHandler);
        ErrorHandler errorHandler = new ErrorHandler();
        errorHandler.setShowMessageInTitle(isShowStackTrace);
        errorHandler.setShowStacks(isShowStackTrace);
        errorHandler.setDefaultResponseMimeType(MimeTypes.Type.TEXT_PLAIN.asString());
        this.server.setErrorHandler(errorHandler);
    }

    private ByteBufferPool createByteBufferPool(int i, HttpServerConfig httpServerConfig) {
        long longValue = ((Long) httpServerConfig.getMaxHeapMemory().map((v0) -> {
            return v0.toBytes();
        }).orElse(0L)).longValue();
        long longValue2 = ((Long) httpServerConfig.getMaxDirectMemory().map((v0) -> {
            return v0.toBytes();
        }).orElse(0L)).longValue();
        if (httpServerConfig.getHttpBufferPoolType() == HttpServerConfig.HttpBufferPoolType.FFM) {
            return new ConcurrentRetainableBufferPool(longValue, longValue2);
        }
        ArrayByteBufferPool.Quadratic quadratic = new ArrayByteBufferPool.Quadratic(0, i, Integer.MAX_VALUE, longValue, longValue2);
        quadratic.setStatisticsEnabled(true);
        return quadratic;
    }

    private ConnectionFactory[] insecureFactories(HttpServerConfig httpServerConfig, HttpConfiguration httpConfiguration) {
        ConnectionFactory httpConnectionFactory = new HttpConnectionFactory(httpConfiguration);
        ConnectionFactory hTTP2CServerConnectionFactory = new HTTP2CServerConnectionFactory(httpConfiguration);
        hTTP2CServerConnectionFactory.setInitialSessionRecvWindow(Math.toIntExact(httpServerConfig.getHttp2InitialSessionReceiveWindowSize().toBytes()));
        hTTP2CServerConnectionFactory.setInitialStreamRecvWindow(Math.toIntExact(httpServerConfig.getHttp2InitialStreamReceiveWindowSize().toBytes()));
        hTTP2CServerConnectionFactory.setMaxConcurrentStreams(httpServerConfig.getHttp2MaxConcurrentStreams());
        hTTP2CServerConnectionFactory.setInputBufferSize(Math.toIntExact(httpServerConfig.getHttp2InputBufferSize().toBytes()));
        hTTP2CServerConnectionFactory.setStreamIdleTimeout(httpServerConfig.getHttp2StreamIdleTimeout().toMillis());
        return new ConnectionFactory[]{httpConnectionFactory, hTTP2CServerConnectionFactory};
    }

    private ConnectionFactory[] secureFactories(HttpServerConfig httpServerConfig, HttpConfiguration httpConfiguration, SslContextFactory.Server server) {
        ConnectionFactory httpConnectionFactory = new HttpConnectionFactory(httpConfiguration);
        ConnectionFactory aLPNServerConnectionFactory = new ALPNServerConnectionFactory(new String[0]);
        aLPNServerConnectionFactory.setDefaultProtocol(httpConnectionFactory.getProtocol());
        ConnectionFactory sslConnectionFactory = new SslConnectionFactory(server, aLPNServerConnectionFactory.getProtocol());
        ConnectionFactory hTTP2ServerConnectionFactory = new HTTP2ServerConnectionFactory(httpConfiguration);
        hTTP2ServerConnectionFactory.setInitialSessionRecvWindow(Math.toIntExact(httpServerConfig.getHttp2InitialSessionReceiveWindowSize().toBytes()));
        hTTP2ServerConnectionFactory.setInitialStreamRecvWindow(Math.toIntExact(httpServerConfig.getHttp2InitialStreamReceiveWindowSize().toBytes()));
        hTTP2ServerConnectionFactory.setMaxConcurrentStreams(httpServerConfig.getHttp2MaxConcurrentStreams());
        hTTP2ServerConnectionFactory.setInputBufferSize(Math.toIntExact(httpServerConfig.getHttp2InputBufferSize().toBytes()));
        hTTP2ServerConnectionFactory.setStreamIdleTimeout(httpServerConfig.getHttp2StreamIdleTimeout().toMillis());
        return new ConnectionFactory[]{sslConnectionFactory, aLPNServerConnectionFactory, hTTP2ServerConnectionFactory, httpConnectionFactory};
    }

    private static void setSecureRequestCustomizer(HttpConfiguration httpConfiguration) {
        httpConfiguration.setCustomizers(ImmutableList.builder().add(new SecureRequestCustomizer(false)).addAll(httpConfiguration.getCustomizers()).build());
    }

    private static ServletContextHandler createServletContext(Servlet servlet, Set<HttpServerBinder.HttpResourceBinding> set, Set<Filter> set2, Set<String> set3, boolean z, boolean z2, boolean z3) {
        ServletContextHandler servletContextHandler = new ServletContextHandler(0);
        ErrorHandler errorHandler = new ErrorHandler();
        errorHandler.setShowStacks(z);
        errorHandler.setShowMessageInTitle(z);
        servletContextHandler.setErrorHandler(errorHandler);
        if (z2) {
            servletContextHandler.getServletHandler().setDecodeAmbiguousURIs(true);
        }
        Iterator<Filter> it = set2.iterator();
        while (it.hasNext()) {
            servletContextHandler.addFilter(new FilterHolder(it.next()), "/*", (EnumSet) null);
        }
        for (HttpServerBinder.HttpResourceBinding httpResourceBinding : set) {
            ClassPathResourceFilter classPathResourceFilter = new ClassPathResourceFilter(httpResourceBinding.getBaseUri(), httpResourceBinding.getClassPathResourceBase(), httpResourceBinding.getWelcomeFiles());
            servletContextHandler.addFilter(new FilterHolder(classPathResourceFilter), classPathResourceFilter.getBaseUri() + "/*", (EnumSet) null);
        }
        if (z3) {
            servletContextHandler.insertHandler(new GzipHandler());
        }
        servletContextHandler.addServlet(new ServletHolder(servlet), "/*");
        servletContextHandler.setVirtualHosts((List) set3.stream().map(str -> {
            return "@" + str;
        }).collect(ImmutableList.toImmutableList()));
        return servletContextHandler;
    }

    @VisibleForTesting
    Set<X509Certificate> getCertificates() {
        ImmutableSet.Builder builder = ImmutableSet.builder();
        this.sslContextFactory.ifPresent(server -> {
            try {
                KeyStore keyStore = server.getKeyStore();
                Iterator it = Collections.list(keyStore.aliases()).iterator();
                while (it.hasNext()) {
                    Certificate certificate = keyStore.getCertificate((String) it.next());
                    if (certificate instanceof X509Certificate) {
                        builder.add((X509Certificate) certificate);
                    }
                }
            } catch (Exception e) {
                log.error(e, "Error reading certificates");
            }
        });
        return builder.build();
    }

    @Managed
    public Long getDaysUntilCertificateExpiration() {
        return (Long) getCertificates().stream().map((v0) -> {
            return v0.getNotAfter();
        }).min(Comparator.naturalOrder()).map(date -> {
            return ZonedDateTime.ofInstant(date.toInstant(), ZoneId.systemDefault());
        }).map(zonedDateTime -> {
            return Long.valueOf(ZonedDateTime.now().until(zonedDateTime, ChronoUnit.DAYS));
        }).orElse(null);
    }

    @Managed
    @Nested
    public ConnectionStats getHttpConnectionStats() {
        return this.httpConnectionStats;
    }

    @Managed
    @Nested
    public ConnectionStats getHttpsConnectionStats() {
        return this.httpsConnectionStats;
    }

    @Managed
    @Nested
    public MonitoredQueuedThreadPoolMBean getServerThreadPool() {
        return this.monitoredQueuedThreadPoolMBean;
    }

    @PostConstruct
    public void start() throws Exception {
        this.server.start();
        Preconditions.checkState(this.server.isStarted(), "server is not started");
    }

    @PreDestroy
    public void stop() throws Exception {
        this.server.setStopTimeout(0L);
        this.server.stop();
        if (this.scheduledExecutorService != null) {
            this.scheduledExecutorService.shutdown();
        }
    }

    @VisibleForTesting
    void join() throws InterruptedException {
        this.server.join();
    }

    private SslContextFactory.Server createReloadingSslContextFactory(HttpsConfig httpsConfig, ClientCertificate clientCertificate, String str) {
        if (this.scheduledExecutorService == null) {
            this.scheduledExecutorService = Executors.newSingleThreadScheduledExecutor(Threads.daemonThreadsNamed("HttpServerScheduler"));
        }
        return new ReloadableSslContextFactoryProvider(httpsConfig, this.scheduledExecutorService, clientCertificate, str).getSslContextFactory();
    }

    private static ServerConnector createServerConnector(ServerSocketChannel serverSocketChannel, Server server, Executor executor, int i, int i2, ConnectionFactory... connectionFactoryArr) throws IOException {
        ServerConnector serverConnector = new ServerConnector(server, executor, (Scheduler) null, (ByteBufferPool) null, i, i2, connectionFactoryArr);
        serverConnector.open(serverSocketChannel);
        return serverConnector;
    }

    private static OptionalLong toSafeBytes(DataSize dataSize) {
        return dataSize == null ? OptionalLong.empty() : OptionalLong.of(dataSize.toBytes());
    }
}
